Google and T-Mobile push patch for Android security flaw

During the weekend, Google and T-Mobile pushed a patch fixing last week's disclosed security flaw affecting Google's Android. The flaw and the PoC were communicated to Google on October 20th, with the vulnerability itself made possible due to Android's use of outdated third-party software packages.

"Users of the G1 Android phone on Friday have begun receiving a software update that fixes a flaw that security researchers found earlier in the week. The update included the fix to the browser vulnerability and a couple of other minor changes as well, said Michael Kirkland, a Google spokesman. Every user of the G1 may not have gotten the update yet but should within a short time frame, he said. Google worked with T-Mobile USA, the only operator selling the device, to push the update out to users. The G1 went on sale last week, and T-Mobile has not disclosed how many have sold so far."